.htaccess允许仅访问包含中的文件
[英].htaccess allow access to files only from includes
问题描述
I have various subfolders on my website and I would like for the user not to be able to access them through URL but on the same time my main PHP files to be able to include them or use them as actions on forms or links. 
我的网站上有多个子文件夹,我希望用户不能通过URL访问它们,但同时希望我的主要PHP文件能够包含它们或将它们用作对表单或链接的操作。
I tried using an .htaccess with 我尝试将.htaccess与
<Files *>
Order Allow,Deny
Deny from All
</Files>
but it denied all access even from within my own scripts. 但它甚至拒绝从我自己的脚本中进行所有访问。 Logical as I found out, but I cannot know how to make it work. 正如我发现的那样逻辑,但是我不知道如何使其工作。 Any ideas? 有任何想法吗?
PS My main concern is that some of the files are not included in main PHP files BUT they are linked there and their code ends up with a header('Location: ../index.php'); PS我主要担心的是,某些文件未包含在主PHP文件中,但它们链接到该文件中,并且它们的代码最终以header('Location: ../index.php'); returning to the main page of the project. 返回到项目的主页。
6 个解决方案
解决方案1
7 2012-10-08 09:57:34
I see a lot of answers with Allow,Deny not Deny,Allow 我看到了很多关于“允许,拒绝不拒绝,允许”的答案
The order of this matters and is causing the problem. 此顺序很重要,并且正在引起问题。 You are telling the computer that deny is more important than allow, because it is listed last. 您是在告诉计算机“拒绝”比“允许”更重要,因为“拒绝”列在最后。 To show you... if you say: 给你看...如果你说:
<Files .htaccess>
Order Allow,Deny
Deny From All
Allow From xxx.xxx.xxx.xxx 127.0.0.1
</Files>
You are saying first Allow anyone Allowed, then Deny All... Which still Denies ALL. 您说的是首先允许所有人,然后拒绝全部...仍然拒绝所有。
If you reverse to Deny,Allow you are saying Deny All, then Allow anyone Allowed. 如果您撤消拒绝,则允许您说全部拒绝,然后允许任何人允许。
<Files .htaccess>
Order Deny,Allow
Deny From All
Allow From xxx.xxx.xxx.xxx 127.0.0.1
</Files>
Allow command, being more important, because it is the final command, is therefore allowing those listed after Allow From command. 更重要的是,Allow命令是最终命令,因此它允许在Allow From命令之后列出的命令。
xxx.xxx.xxx.xxx = Your IP xxx.xxx.xxx.xxx =您的IP
解决方案2
3 2012-03-22 15:21:49
There is an even safer method. 有一种更安全的方法。 Store your include files below the web accessible folders. 将包含文件存储在可通过Web访问的文件夹下。 So if your web files are here... 因此,如果您的网络文件在这里...
/var/www/mysite.com/
Store your include files here: 将包含文件存储在这里:
/var/includes/
Then include them with a full path... 然后将它们包含完整的路径...
include '/var/includes/myincludes.inc.php';
From the web, the myincludes.inc.php file is completely inaccessible. 从网上完全无法访问myincludes.inc.php文件。
解决方案3
3 2012-03-22 15:24:31
Do this: 做这个:
<Files *>
Order Deny,Allow
Allow from 192.168.100.123 127.0.0.1
Deny from all
</Files>
The list of IP's will be specific hosts you allow, like localhost. IP列表将是您允许的特定主机,例如localhost。
This also works with the directive, not just file, if you want only certain directories blocked. 如果只希望阻止某些目录,则此命令也适用于指令,而不仅仅是文件。
解决方案4
1 2012-03-22 15:20:14
Usually to protect these logic files from public access you can 通常,为了保护这些逻辑文件不被公共访问,您可以
- put it in protected directory, above htdocs 将其放在htdocs上方的受保护目录中
- add a check for public constant..
if(!is_defined(some_root_const)){die();}添加对公共常量的检查.. if(!is_defined(some_root_const)){die();} - change extension to .inc or something.. and deny with .htaccess based on that 将扩展名更改为.inc或其他内容。并基于此拒绝.htaccess
解决方案5
1 2012-03-22 15:23:23
put your application code outside of your public html folder. 将您的应用程序代码放在公共html文件夹之外。 then you can add an include path at the top of your scripts to allow your script to access them as if they were in the same folder. 那么您可以在脚本顶部添加一个包含路径,以允许您的脚本访问它们,就像它们在同一文件夹中一样。
http://php.net/manual/en/function.set-include-path.php http://php.net/manual/zh/function.set-include-path.php
解决方案6
0 2012-03-22 15:33:38
In you .htaccess you will have to specify which IP's, hosts you want to allow and you can do it per directory as well. 在.htaccess中,您必须指定要允许的IP,主机,也可以按目录进行操作。 for eg 例如
<Directory /dir/to/block>
Order Allow,Deny
Allow from 192.168.0.1 4.4.4.4
Deny from All
</Directory>
<Directory /dir/to/allow>
Order Allow, Deny
Allow from All
</Directory>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.